For manufacturers, cyber threats have shifted from a low level concern to a strategic growth barrier. Rockwell Automation’s 10th ‘State of Smart Manufacturing’ report finds that cybersecurity risks are a major, ever present obstacle and are now the third largest impediment to growth in the next 12 months. Just as telling, more than one third of respondents intend to strengthen their IT/OT architecture within five years, shifting the focus from ‘find and patch’ to ‘design for resilience’.
That urgency isn’t theoretical. Remote work has introduced employee devices to networks that were previously locked down and cloud pilots route sensitive data through third party environments, while AI projects open new pathways between systems. Meanwhile, a talent shortage thins the ranks of defenders, even as regulators tighten controls and adversaries perfect attacks that hop effortlessly between IT and OT. Each pressure point amplifies the others, turning operational technology into both an engine of efficiency and a favoured target.
Staying ahead demands more than isolated fixes; it calls for persistent visibility, rapid detection and tight coordination among security, engineering and operations. Below, we unpack the forces reshaping OT security in 2025 to show how forward looking organisations are turning today’s threats into tomorrow’s competitive edge.
Trend 1: Hybrid work and expanded attack surfaces
“With hybrid workforces, many people are bringing in devices from home, either their phones or personal, and they’re connecting these to their operational environments. The risks involved with this aren’t going away; in fact, they’re growing,” said Ken Kully, cyber tech lead at Rockwell Automation.
The shift to hybrid work has brought flexibility and convenience, but it has also introduced new security challenges for OT environments. Remote access and personal devices have significantly expanded the attack surface, making OT systems more vulnerable than ever. According to the SANS 2024 ICS/OT Cybersecurity Report, 64% of organisations still lack adequate network monitoring, leaving critical gaps in their ability to detect threats.
For industries reliant on OT, a single weak link can have catastrophic consequences. A compromised device or an unsecured remote connection isn’t merely a data breach, it can halt production lines or disrupt critical infrastructure. Attackers are increasingly exploiting vulnerabilities where IT and OT systems intersect, turning this gap into a major concern for organisations.
To address these risks, businesses are adopting tools tailored to the complexities of OT environments. Endpoint detection systems, designed for OT’s legacy and diverse systems, are enabling teams to identify and mitigate vulnerabilities faster. Stricter ‘bring your own device’ policies are also cutting off common access points that attackers exploit. Encouragingly, the SANS report highlights that 75% of organisations now use multi-factor authentication to secure remote access, a crucial step forward.
Security operations centres (SOCs) are evolving to improve IT/OT collaboration. Unified SOCs, which allow teams to share insights and coordinate responses, show promise in enhancing threat detection and response. However, the report notes that only 30% of organisations have fully integrated IT and OT SOCs, highlighting the need for continued investment in this area.
As hybrid work expands, security strategies must evolve to keep pace. Safeguarding OT systems requires more than patching IT vulnerabilities, it demands a comprehensive approach that prioritises visibility, early detection and collaboration between IT and OT teams.
Trend 2: Compliance as a driver for cybersecurity maturity
“Regulation tends to move slower than technology, but compliance remains one of the biggest drivers for cybersecurity adoption. Without it, there’s often no fire under companies to address even basic issues,” said Zachary Woltjer, cyber data analyst, Rockwell Automation.
Compliance has come a long way, it’s no longer just a box to check. These days, it’s a key driver of cybersecurity maturity. With increasingly sophisticated threats, businesses are shifting to a proactive mindset, using global standards like NIST and ISA/IEC 62443 to guide their security strategies. This isn’t just about following the rules. It’s about building defenses that work and give companies an edge.
Falling short of compliance is a costly mistake. Regulatory fines, lawsuits and reputational damage add up fast. Imagine losing a multimillion-dollar deal because your business wasn’t seen as a safe partner. That’s the reality for companies that don’t prioritise compliance. It’s not just risky, it’s bad for business.
Compliance is most effective when it drives organisations to implement smarter, more proactive practices. Routine risk assessments, open incident reporting and robust vulnerability management have become essential. The truth is that compliance succeeds only when leaders fully support it. If executives don’t treat it seriously, it becomes just another document in a drawer. When leadership gets behind it, it becomes part of the culture, and that’s when real change happens.
Looking ahead, compliance is set to play an even more significant role. Businesses won’t just meet the basics, they’ll use compliance to stand out.
Trend 3: Accelerated IT/OT convergence
“We’re seeing more demand for data from the OT platform as organisations push for better integration. This creates vulnerabilities because IT technologies are being adapted to OT, often without fully understanding the impact on operations,” Tyler Bergman, cyber operations manager, Rockwell Automation.
IT and OT systems are coming together in ways that we couldn’t have imagined a few years ago. By blending IT’s ability to handle data with OT’s focus on operations, companies are finding ways to work smarter, faster and more efficiently. But there’s a catch. This growing integration creates new cybersecurity headaches. When these two systems merge, vulnerabilities that were never an issue for OT are suddenly on the radar and attackers are taking notice.
The problem is that IT vulnerabilities can spill into OT environments. Phishing emails might seem like an IT problem, but without clear boundaries, they could lead to serious disruptions on the shop floor. Imagine a production line grinding to a halt because an attacker jumped from IT systems into OT. The risks are very real, and they’re getting harder to ignore.
So, what are companies doing about it? Many are doubling down on network segmentation by keeping IT and OT separate while letting them collaborate where it matters. Others are setting up hybrid SOCs that monitor both systems. These SOCs aren’t just catching threats earlier and helping teams understand how IT and OT systems impact one another. According to the SANS 2024 survey, this integrated approach is already making a difference.
In 2025, IT/OT convergence will only accelerate as will the need for more innovative solutions. Real-time monitoring tools give teams the ability to catch issues early, stopping them before they cause significant disruptions. Hybrid SOCs are gaining traction as a practical solution, helping businesses stay flexible and maintain smooth operations even under pressure.
Trend 4: AI and Automation in threat detection
“AI has the potential to fill workforce gaps, especially in environments where teams are too small to keep up. It’s not just about anomaly detection but about creating efficiencies in how we secure OT environments,” Natalie Kalinowski, cyber technology consultant.
AI is slowly making its way into ICS/OT security, but it’s got a long road ahead. Only about 10% of ICS/OT environments currently use AI tools. That’s a small number, but the interest is growing. Companies are testing AI to catch unusual network activity or predict when a vulnerability might become a serious issue.
Here’s the tricky part: getting AI to work in these systems isn’t simple. Many security teams don’t have the expertise to run these tools, and when AI systems aren’t tuned properly, they can flood teams with alerts that don’t matter, or miss the real threats altogether. For industries where a few minutes of downtime means millions lost, it’s no wonder some are hesitant.
Still, the potential for AI is hard to ignore. Some tools could warn about weak spots days before they’re exploited. Others might launch a response the second an attack begins, reducing the time it takes to stop a breach. These aren’t just theoretical ideas, this is where the industry is heading. It’s not just about faster responses. AI could take over tedious, repetitive monitoring tasks, letting security teams focus on the big stuff.
By 2025, more companies will likely test AI solutions, especially in hybrid setups where AI works alongside human analysts. Full automation might still be years off, but the groundwork being laid now could change how industries defend their systems in the near future.
Trend 5: Workforce challenges and solutions
“One of the biggest gaps I hear about is workforce shortages. Often, a site might only have one or two people handling OT cybersecurity. These individuals are frequently thrown into the role without training, making it a tough learning curve,” Natalie Kalinowski, cyber technology consultant.
The ICS/OT cybersecurity field has a big problem. It doesn’t have enough skilled workers to meet the demand. With threats growing daily, companies need experts who know both IT and OT systems inside and out. But here’s the catch: there aren’t enough of them, and finding people with the right mix of skills is no easy task.
On top of that, most of the current workforce is new to the field. Over half of ICS professionals have been at it for less than five years. That’s a lot of people without deep experience or mentors to guide them. ICS/OT cybersecurity isn’t something you learn on the fly. It takes a mix of technical expertise and a solid understanding of industrial systems, which makes hiring even more challenging.
So, what’s the solution? Companies are ramping up training programs to build skills from the ground up. Some are partnering with universities to create a steady stream of qualified candidates. Others pair junior employees with seasoned pros to share knowledge on the job. It’s not a quick solution, but it’s a start.
The more significant challenge might be keeping skilled workers once they’re trained. Better pay, career growth and remote work options are becoming standard ways to keep talent from jumping ship. By 2025, we’ll likely see workforce development and retention move to the top of the priority list because all the tech in the world won’t matter without the right people running the show.
Trend 6: Cloud adoption with caution
“Cloud adoption is happening in OT, but with caution. Many organisations are hesitant because they’re still figuring out compliance requirements and how to ensure their systems remain secure in the process,” Tyler Bergman, cyber operations manager, Rockwell Automation.
Cloud technology is making strides in ICS/OT environments, offering new ways to handle monitoring, disaster recovery and data analysis. For instance, some companies use the cloud to process telemetry data from industrial equipment in real time. This can allow them to spot potential issues before they snowball into major disruptions. That’s a big win. But adoption, especially in critical industries like energy, hasn’t been as quick as expected.
Why the hesitation? Security and compliance are the most significant sticking points. Handing sensitive data to third-party providers feels risky when uptime and safety are non-negotiable. And then there’s the headache of conflicting regulations. Businesses want clarity on how and where data can be stored before they dive in. These concerns are hard to overlook for sectors like energy, where every second counts.
It’s not all doom and gloom. The cloud can offer scalability, cost-efficiency and easier management of large data sets. Take telemetry analysis, for example. The SANS report shows more companies using cloud platforms to catch anomalies before snowballing into costly problems.
Cloud adoption in ICS/OT is likely to grow, but with caution. Enhanced security measures like zero-trust frameworks are already easing some concerns. More explicit regulations could also help organisations feel more confident. By 2025, the cloud won’t replace traditional systems, but it can play a more significant role in shaping cybersecurity strategies.
The time to act is now
OT cybersecurity is criitical, with emerging trends reshaping how organisations secure their critical systems. These shifts highlight the evolving complexities and opportunities in safeguarding industrial environments, from hybrid workforces and IT/OT convergence to the cautious embrace of AI and cloud technologies. Integrating compliance as a strategic driver and workforce development as a priority further emphasises that cybersecurity is not just a technical challenge, it’s an organisational one.
As threats grow more sophisticated, staying ahead means being proactive. Aligning with global standards like NIST and ISA/IEC 62443, investing in cutting-edge technologies for threat detection and mitigation, and fostering a skilled workforce are no longer optional, they’re essential. At the same time, organisations must approach innovation thoughtfully, balancing adoption with robust risk management strategies.
The road to a resilient OT cybersecurity posture requires continuous improvement and a holistic approach. By addressing these challenges head-on, organisations can better defend against today’s threats and build the flexibility and strength needed to adapt. With the groundwork laid in 2024, the year 2025 promises to be a transformative period for OT security. The time to act is now, because protecting critical systems isn’t just about technology, it’s about securing the future.
For more information contact Rockwell Automation,
© Technews Publishing (Pty) Ltd | All Rights Reserved
printer friendly version